diff --git a/config/_default/menus/api.en.yaml b/config/_default/menus/api.en.yaml index 74982502f18d1..839c6df95629b 100644 --- a/config/_default/menus/api.en.yaml +++ b/config/_default/menus/api.en.yaml @@ -5548,6 +5548,66 @@ menu: url: /api/latest/application-security/ identifier: application-security generated: true + - name: Update a WAF Policy + url: '#update-a-waf-policy' + identifier: application-security-update-a-waf-policy + parent: application-security + generated: true + params: + versions: + - v2 + operationids: + - UpdateApplicationSecurityWafPolicy + unstable: [] + order: 15 + - name: Get a WAF Policy + url: '#get-a-waf-policy' + identifier: application-security-get-a-waf-policy + parent: application-security + generated: true + params: + versions: + - v2 + operationids: + - GetApplicationSecurityWafPolicy + unstable: [] + order: 10 + - name: Delete a WAF Policy + url: '#delete-a-waf-policy' + identifier: application-security-delete-a-waf-policy + parent: application-security + generated: true + params: + versions: + - v2 + operationids: + - DeleteApplicationSecurityWafPolicy + unstable: [] + order: 16 + - name: Create a WAF Policy + url: '#create-a-waf-policy' + identifier: application-security-create-a-waf-policy + parent: application-security + generated: true + params: + versions: + - v2 + operationids: + - CreateApplicationSecurityWafPolicy + unstable: [] + order: 12 + - name: List all WAF policies + url: '#list-all-waf-policies' + identifier: application-security-list-all-waf-policies + parent: application-security + generated: true + params: + versions: + - v2 + operationids: + - ListApplicationSecurityWAFPolicies + unstable: [] + order: 13 - name: Update a WAF exclusion filter url: '#update-a-waf-exclusion-filter' identifier: application-security-update-a-waf-exclusion-filter @@ -5619,7 +5679,7 @@ menu: operationids: - UpdateApplicationSecurityWafCustomRule unstable: [] - order: 15 + order: 25 - name: Get a WAF custom rule url: '#get-a-waf-custom-rule' identifier: application-security-get-a-waf-custom-rule @@ -5631,7 +5691,7 @@ menu: operationids: - GetApplicationSecurityWafCustomRule unstable: [] - order: 10 + order: 20 - name: Delete a WAF Custom Rule url: '#delete-a-waf-custom-rule' identifier: application-security-delete-a-waf-custom-rule @@ -5643,7 +5703,7 @@ menu: operationids: - DeleteApplicationSecurityWafCustomRule unstable: [] - order: 16 + order: 26 - name: Create a WAF custom rule url: '#create-a-waf-custom-rule' identifier: application-security-create-a-waf-custom-rule @@ -5655,7 +5715,7 @@ menu: operationids: - CreateApplicationSecurityWafCustomRule unstable: [] - order: 12 + order: 22 - name: List all WAF custom rules url: '#list-all-waf-custom-rules' identifier: application-security-list-all-waf-custom-rules @@ -5667,7 +5727,7 @@ menu: operationids: - ListApplicationSecurityWAFCustomRules unstable: [] - order: 13 + order: 23 - name: Audit url: /api/latest/audit/ identifier: audit diff --git a/content/en/api/v2/application-security/examples.json b/content/en/api/v2/application-security/examples.json index 1e10bd8daa37a..1c39c8b46eea5 100644 --- a/content/en/api/v2/application-security/examples.json +++ b/content/en/api/v2/application-security/examples.json @@ -1036,5 +1036,445 @@ }, "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for updating a single WAF exclusion filter.

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Attributes for updating a WAF exclusion filter.

\n
\n
\n
\n
\n
\n

description [required]

\n
\n

string

\n

A description for the exclusion filter.

\n
\n \n
\n
\n
\n
\n
\n

enabled [required]

\n
\n

boolean

\n

Indicates whether the exclusion filter is enabled.

\n
\n \n
\n
\n
\n
\n
\n

ip_list

\n
\n

[string]

\n

The client IP addresses matched by the exclusion filter (CIDR notation is supported).

\n
\n \n
\n
\n
\n
\n
\n

on_match

\n
\n

enum

\n

The action taken when the exclusion filter matches. When set to monitor, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. \nAllowed enum values: monitor

\n
\n \n
\n
\n
\n
\n
\n

parameters

\n
\n

[string]

\n

A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character.

\n
\n \n
\n
\n
\n
\n
\n

path_glob

\n
\n

string

\n

The HTTP path glob expression matched by the exclusion filter.

\n
\n \n
\n
\n
\n
\n
\n

rules_target

\n
\n

[object]

\n

The WAF rules targeted by the exclusion filter.

\n
\n
\n
\n
\n
\n

rule_id

\n
\n

string

\n

Target a single WAF rule based on its identifier.

\n
\n \n
\n
\n
\n
\n
\n

tags

\n
\n

object

\n

Target multiple WAF rules based on their tags.

\n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the targeted WAF rules.

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

string

\n

The type of the targeted WAF rules.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

scope

\n
\n

[object]

\n

The services where the exclusion filter is deployed.

\n
\n
\n
\n
\n
\n

env

\n
\n

string

\n

Deploy on this environment.

\n
\n \n
\n
\n
\n
\n
\n

service

\n
\n

string

\n

Deploy on this service.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

Type of the resource. The value should always be exclusion_filter. \nAllowed enum values: exclusion_filter

default: exclusion_filter

\n
\n \n
\n
\n
\n
" } + }, + "ListApplicationSecurityWAFPolicies": { + "responses": { + "200": { + "json": { + "data": [ + { + "attributes": { + "description": "Policy applied to internal web applications.", + "isDefault": false, + "name": "Internal Network Policy", + "protectionPresets": [ + "attack-tools" + ], + "rules": [ + { + "blocking": false, + "enabled": true, + "id": "rasp-001-002" + } + ], + "scope": [ + { + "env": "prod", + "service": "billing-service" + } + ], + "version": 0 + }, + "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "metadata": { + "added_at": "2021-01-01T00:00:00Z", + "added_by": "john.doe@datadoghq.com", + "added_by_name": "John Doe", + "modified_at": "2021-01-01T00:00:00Z", + "modified_by": "john.doe@datadoghq.com", + "modified_by_name": "John Doe" + }, + "type": "policy" + } + ] + }, + "html": "
\n
\n
\n
\n

data

\n
\n

[object]

\n

The WAF policy data.

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A WAF policy.

\n
\n
\n
\n
\n
\n

description [required]

\n
\n

string

\n

Description of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

isDefault

\n
\n

boolean

\n

Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The Name of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

protectionPresets

\n
\n

[string]

\n

Presets enabled on this policy.

\n
\n \n
\n
\n
\n
\n
\n

rules

\n
\n

[object]

\n

Rule overrides applied by the policy.

\n
\n
\n
\n
\n
\n

blocking [required]

\n
\n

boolean

\n

When blocking is enabled, the rule will block the traffic matched by this rule.

\n
\n \n
\n
\n
\n
\n
\n

enabled [required]

\n
\n

boolean

\n

When false, this rule will not match any traffic.

\n
\n \n
\n
\n
\n
\n
\n

id [required]

\n
\n

string

\n

Override the parameters for this WAF rule identifier.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

scope

\n
\n

[object]

\n

The scope of the WAF policy.

\n
\n
\n
\n
\n
\n

env [required]

\n
\n

string

\n

The environment scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

service [required]

\n
\n

string

\n

The service scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the policy.

\n
\n \n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

Metadata associated with the WAF policy.

\n
\n
\n
\n
\n
\n

added_at

\n
\n

date-time

\n

The date and time the WAF policy was created.

\n
\n \n
\n
\n
\n
\n
\n

added_by

\n
\n

string

\n

The handle of the user who created the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

added_by_name

\n
\n

string

\n

The name of the user who created the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

modified_at

\n
\n

date-time

\n

The date and time the WAF policy was last updated.

\n
\n \n
\n
\n
\n
\n
\n

modified_by

\n
\n

string

\n

The handle of the user who last updated the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

modified_by_name

\n
\n

string

\n

The name of the user who last updated the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource. The value should always be policy. \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "CreateApplicationSecurityWafPolicy": { + "responses": { + "201": { + "json": { + "data": { + "attributes": { + "description": "Policy applied to internal web applications.", + "isDefault": false, + "name": "Internal Network Policy", + "protectionPresets": [ + "attack-tools" + ], + "rules": [ + { + "blocking": false, + "enabled": true, + "id": "rasp-001-002" + } + ], + "scope": [ + { + "env": "prod", + "service": "billing-service" + } + ], + "version": 0 + }, + "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "metadata": { + "added_at": "2021-01-01T00:00:00Z", + "added_by": "john.doe@datadoghq.com", + "added_by_name": "John Doe", + "modified_at": "2021-01-01T00:00:00Z", + "modified_by": "john.doe@datadoghq.com", + "modified_by_name": "John Doe" + }, + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single WAF policy.

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A WAF policy.

\n
\n
\n
\n
\n
\n

description [required]

\n
\n

string

\n

Description of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

isDefault

\n
\n

boolean

\n

Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The Name of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

protectionPresets

\n
\n

[string]

\n

Presets enabled on this policy.

\n
\n \n
\n
\n
\n
\n
\n

rules

\n
\n

[object]

\n

Rule overrides applied by the policy.

\n
\n
\n
\n
\n
\n

blocking [required]

\n
\n

boolean

\n

When blocking is enabled, the rule will block the traffic matched by this rule.

\n
\n \n
\n
\n
\n
\n
\n

enabled [required]

\n
\n

boolean

\n

When false, this rule will not match any traffic.

\n
\n \n
\n
\n
\n
\n
\n

id [required]

\n
\n

string

\n

Override the parameters for this WAF rule identifier.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

scope

\n
\n

[object]

\n

The scope of the WAF policy.

\n
\n
\n
\n
\n
\n

env [required]

\n
\n

string

\n

The environment scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

service [required]

\n
\n

string

\n

The service scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the policy.

\n
\n \n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

Metadata associated with the WAF policy.

\n
\n
\n
\n
\n
\n

added_at

\n
\n

date-time

\n

The date and time the WAF policy was created.

\n
\n \n
\n
\n
\n
\n
\n

added_by

\n
\n

string

\n

The handle of the user who created the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

added_by_name

\n
\n

string

\n

The name of the user who created the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

modified_at

\n
\n

date-time

\n

The date and time the WAF policy was last updated.

\n
\n \n
\n
\n
\n
\n
\n

modified_by

\n
\n

string

\n

The handle of the user who last updated the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

modified_by_name

\n
\n

string

\n

The name of the user who last updated the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource. The value should always be policy. \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + }, + "400": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": { + "data": { + "attributes": { + "basedOn": "recommended", + "description": "Policy applied to internal web applications.", + "name": "Internal Network Policy", + "rules": [ + { + "blocking": false, + "enabled": true, + "id": "rasp-001-002" + } + ], + "scope": [ + { + "env": "prod", + "service": "billing-service" + } + ] + }, + "type": "policy" + } + }, + "json": { + "data": { + "attributes": { + "basedOn": "recommended", + "description": "Policy applied to internal web applications.", + "isDefault": false, + "name": "Internal Network Policy", + "protectionPresets": [ + "attack-tools" + ], + "rules": [ + { + "blocking": false, + "enabled": true, + "id": "rasp-001-002" + } + ], + "scope": [ + { + "env": "prod", + "service": "billing-service" + } + ], + "version": 0 + }, + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single WAF policy.

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Create a new WAF policy.

\n
\n
\n
\n
\n
\n

basedOn [required]

\n
\n

string

\n

When creating a new policy, clone the policy indicated by this identifier.

\n
\n \n
\n
\n
\n
\n
\n

description [required]

\n
\n

string

\n

Description of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

isDefault

\n
\n

boolean

\n

Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The Name of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

protectionPresets

\n
\n

[string]

\n

Presets enabled on this policy.

\n
\n \n
\n
\n
\n
\n
\n

rules

\n
\n

[object]

\n

Rule overrides applied by the policy.

\n
\n
\n
\n
\n
\n

blocking [required]

\n
\n

boolean

\n

When blocking is enabled, the rule will block the traffic matched by this rule.

\n
\n \n
\n
\n
\n
\n
\n

enabled [required]

\n
\n

boolean

\n

When false, this rule will not match any traffic.

\n
\n \n
\n
\n
\n
\n
\n

id [required]

\n
\n

string

\n

Override the parameters for this WAF rule identifier.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

scope

\n
\n

[object]

\n

The scope of the WAF policy.

\n
\n
\n
\n
\n
\n

env [required]

\n
\n

string

\n

The environment scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

service [required]

\n
\n

string

\n

The service scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource. The value should always be policy. \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + } + }, + "DeleteApplicationSecurityWafPolicy": { + "responses": { + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "GetApplicationSecurityWafPolicy": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "description": "Policy applied to internal web applications.", + "isDefault": false, + "name": "Internal Network Policy", + "protectionPresets": [ + "attack-tools" + ], + "rules": [ + { + "blocking": false, + "enabled": true, + "id": "rasp-001-002" + } + ], + "scope": [ + { + "env": "prod", + "service": "billing-service" + } + ], + "version": 0 + }, + "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "metadata": { + "added_at": "2021-01-01T00:00:00Z", + "added_by": "john.doe@datadoghq.com", + "added_by_name": "John Doe", + "modified_at": "2021-01-01T00:00:00Z", + "modified_by": "john.doe@datadoghq.com", + "modified_by_name": "John Doe" + }, + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single WAF policy.

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A WAF policy.

\n
\n
\n
\n
\n
\n

description [required]

\n
\n

string

\n

Description of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

isDefault

\n
\n

boolean

\n

Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The Name of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

protectionPresets

\n
\n

[string]

\n

Presets enabled on this policy.

\n
\n \n
\n
\n
\n
\n
\n

rules

\n
\n

[object]

\n

Rule overrides applied by the policy.

\n
\n
\n
\n
\n
\n

blocking [required]

\n
\n

boolean

\n

When blocking is enabled, the rule will block the traffic matched by this rule.

\n
\n \n
\n
\n
\n
\n
\n

enabled [required]

\n
\n

boolean

\n

When false, this rule will not match any traffic.

\n
\n \n
\n
\n
\n
\n
\n

id [required]

\n
\n

string

\n

Override the parameters for this WAF rule identifier.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

scope

\n
\n

[object]

\n

The scope of the WAF policy.

\n
\n
\n
\n
\n
\n

env [required]

\n
\n

string

\n

The environment scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

service [required]

\n
\n

string

\n

The service scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the policy.

\n
\n \n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

Metadata associated with the WAF policy.

\n
\n
\n
\n
\n
\n

added_at

\n
\n

date-time

\n

The date and time the WAF policy was created.

\n
\n \n
\n
\n
\n
\n
\n

added_by

\n
\n

string

\n

The handle of the user who created the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

added_by_name

\n
\n

string

\n

The name of the user who created the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

modified_at

\n
\n

date-time

\n

The date and time the WAF policy was last updated.

\n
\n \n
\n
\n
\n
\n
\n

modified_by

\n
\n

string

\n

The handle of the user who last updated the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

modified_by_name

\n
\n

string

\n

The name of the user who last updated the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource. The value should always be policy. \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "UpdateApplicationSecurityWafPolicy": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "description": "Policy applied to internal web applications.", + "isDefault": false, + "name": "Internal Network Policy", + "protectionPresets": [ + "attack-tools" + ], + "rules": [ + { + "blocking": false, + "enabled": true, + "id": "rasp-001-002" + } + ], + "scope": [ + { + "env": "prod", + "service": "billing-service" + } + ], + "version": 0 + }, + "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "metadata": { + "added_at": "2021-01-01T00:00:00Z", + "added_by": "john.doe@datadoghq.com", + "added_by_name": "John Doe", + "modified_at": "2021-01-01T00:00:00Z", + "modified_by": "john.doe@datadoghq.com", + "modified_by_name": "John Doe" + }, + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single WAF policy.

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A WAF policy.

\n
\n
\n
\n
\n
\n

description [required]

\n
\n

string

\n

Description of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

isDefault

\n
\n

boolean

\n

Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The Name of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

protectionPresets

\n
\n

[string]

\n

Presets enabled on this policy.

\n
\n \n
\n
\n
\n
\n
\n

rules

\n
\n

[object]

\n

Rule overrides applied by the policy.

\n
\n
\n
\n
\n
\n

blocking [required]

\n
\n

boolean

\n

When blocking is enabled, the rule will block the traffic matched by this rule.

\n
\n \n
\n
\n
\n
\n
\n

enabled [required]

\n
\n

boolean

\n

When false, this rule will not match any traffic.

\n
\n \n
\n
\n
\n
\n
\n

id [required]

\n
\n

string

\n

Override the parameters for this WAF rule identifier.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

scope

\n
\n

[object]

\n

The scope of the WAF policy.

\n
\n
\n
\n
\n
\n

env [required]

\n
\n

string

\n

The environment scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

service [required]

\n
\n

string

\n

The service scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the policy.

\n
\n \n
\n
\n
\n
\n
\n

metadata

\n
\n

object

\n

Metadata associated with the WAF policy.

\n
\n
\n
\n
\n
\n

added_at

\n
\n

date-time

\n

The date and time the WAF policy was created.

\n
\n \n
\n
\n
\n
\n
\n

added_by

\n
\n

string

\n

The handle of the user who created the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

added_by_name

\n
\n

string

\n

The name of the user who created the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

modified_at

\n
\n

date-time

\n

The date and time the WAF policy was last updated.

\n
\n \n
\n
\n
\n
\n
\n

modified_by

\n
\n

string

\n

The handle of the user who last updated the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

modified_by_name

\n
\n

string

\n

The name of the user who last updated the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource. The value should always be policy. \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + }, + "400": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": { + "data": { + "attributes": { + "description": "Policy applied to internal web applications.", + "isDefault": false, + "name": "Internal Network Policy", + "protectionPresets": [ + "attack-tools" + ], + "rules": [ + { + "blocking": false, + "enabled": true, + "id": "rasp-001-002" + } + ], + "scope": [ + { + "env": "prod", + "service": "billing-service" + } + ], + "version": 0 + }, + "type": "policy" + } + }, + "json": { + "data": { + "attributes": { + "description": "Policy applied to internal web applications.", + "isDefault": false, + "name": "Internal Network Policy", + "protectionPresets": [ + "attack-tools" + ], + "rules": [ + { + "blocking": false, + "enabled": true, + "id": "rasp-001-002" + } + ], + "scope": [ + { + "env": "prod", + "service": "billing-service" + } + ], + "version": 0 + }, + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single WAF policy.

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Update a WAF policy.

\n
\n
\n
\n
\n
\n

description [required]

\n
\n

string

\n

Description of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

isDefault [required]

\n
\n

boolean

\n

Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The Name of the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

protectionPresets [required]

\n
\n

[string]

\n

Presets enabled on this policy.

\n
\n \n
\n
\n
\n
\n
\n

rules [required]

\n
\n

[object]

\n

Rule overrides applied by the policy.

\n
\n
\n
\n
\n
\n

blocking [required]

\n
\n

boolean

\n

When blocking is enabled, the rule will block the traffic matched by this rule.

\n
\n \n
\n
\n
\n
\n
\n

enabled [required]

\n
\n

boolean

\n

When false, this rule will not match any traffic.

\n
\n \n
\n
\n
\n
\n
\n

id [required]

\n
\n

string

\n

Override the parameters for this WAF rule identifier.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

scope [required]

\n
\n

[object]

\n

The scope of the WAF policy.

\n
\n
\n
\n
\n
\n

env [required]

\n
\n

string

\n

The environment scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n

service [required]

\n
\n

string

\n

The service scope for the WAF policy.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version [required]

\n
\n

int64

\n

Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource. The value should always be policy. \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + } } } \ No newline at end of file diff --git a/data/api/v2/full_spec.yaml b/data/api/v2/full_spec.yaml index bd1b35cf52ff9..61669ec78ae35 100644 --- a/data/api/v2/full_spec.yaml +++ b/data/api/v2/full_spec.yaml @@ -167,6 +167,14 @@ components: required: false schema: $ref: '#/components/schemas/ApplicationKeysSort' + ApplicationSecurityPolicyIDParam: + description: The ID of the policy. + example: recommended + in: path + name: policy_id + required: true + schema: + type: string ApplicationSecurityWafCustomRuleIDParam: description: The ID of the custom rule. example: 3b5-v82-ns6 @@ -3196,6 +3204,292 @@ components: type: string x-enum-varnames: - APPLICATION_KEYS + ApplicationSecurityPolicyAttributes: + description: A WAF policy. + properties: + description: + description: Description of the WAF policy. + example: Policy applied to internal web applications. + type: string + isDefault: + description: Make this policy the default policy. The default policy is + applied to every services not specifically added to another policy. + example: false + type: boolean + name: + description: The Name of the WAF policy. + example: Internal Network Policy + type: string + protectionPresets: + description: Presets enabled on this policy. + items: + example: attack-tools + type: string + type: array + rules: + description: Rule overrides applied by the policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride' + type: array + scope: + description: The scope of the WAF policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyScope' + type: array + version: + default: 0 + description: Version of the WAF ruleset maintained by Datadog used by this + policy. 0 is the default value. + example: 0 + format: int64 + type: integer + required: + - name + - description + type: object + ApplicationSecurityPolicyCreateAttributes: + description: Create a new WAF policy. + properties: + basedOn: + description: When creating a new policy, clone the policy indicated by this + identifier. + example: recommended + type: string + description: + description: Description of the WAF policy. + example: Policy applied to internal web applications. + type: string + isDefault: + description: Make this policy the default policy. The default policy is + applied to every services not specifically added to another policy. + example: false + type: boolean + name: + description: The Name of the WAF policy. + example: Internal Network Policy + type: string + protectionPresets: + description: Presets enabled on this policy. + items: + example: attack-tools + type: string + type: array + rules: + description: Rule overrides applied by the policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride' + type: array + scope: + description: The scope of the WAF policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyScope' + type: array + version: + default: 0 + description: Version of the WAF ruleset maintained by Datadog used by this + policy. 0 is the default value. + example: 0 + format: int64 + type: integer + required: + - name + - description + - basedOn + type: object + ApplicationSecurityPolicyCreateData: + description: Object for a single WAF policy. + properties: + attributes: + $ref: '#/components/schemas/ApplicationSecurityPolicyCreateAttributes' + type: + $ref: '#/components/schemas/ApplicationSecurityPolicyType' + required: + - attributes + - type + type: object + ApplicationSecurityPolicyCreateRequest: + description: Request object that includes the policy to create. + properties: + data: + $ref: '#/components/schemas/ApplicationSecurityPolicyCreateData' + required: + - data + type: object + ApplicationSecurityPolicyData: + description: Object for a single WAF policy. + properties: + attributes: + $ref: '#/components/schemas/ApplicationSecurityPolicyAttributes' + id: + description: The ID of the policy. + example: 2857c47d-1e3a-4300-8b2f-dc24089c084b + readOnly: true + type: string + metadata: + $ref: '#/components/schemas/ApplicationSecurityPolicyMetadata' + type: + $ref: '#/components/schemas/ApplicationSecurityPolicyType' + type: object + ApplicationSecurityPolicyListResponse: + description: Response object that includes a list of WAF policies. + properties: + data: + description: The WAF policy data. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyData' + type: array + type: object + ApplicationSecurityPolicyMetadata: + description: Metadata associated with the WAF policy. + properties: + added_at: + description: The date and time the WAF policy was created. + example: '2021-01-01T00:00:00Z' + format: date-time + type: string + added_by: + description: The handle of the user who created the WAF policy. + example: john.doe@datadoghq.com + type: string + added_by_name: + description: The name of the user who created the WAF policy. + example: John Doe + type: string + modified_at: + description: The date and time the WAF policy was last updated. + example: '2021-01-01T00:00:00Z' + format: date-time + type: string + modified_by: + description: The handle of the user who last updated the WAF policy. + example: john.doe@datadoghq.com + type: string + modified_by_name: + description: The name of the user who last updated the WAF policy. + example: John Doe + type: string + readOnly: true + type: object + ApplicationSecurityPolicyResponse: + description: Response object that includes a single WAF policy. + properties: + data: + $ref: '#/components/schemas/ApplicationSecurityPolicyData' + type: object + ApplicationSecurityPolicyRuleOverride: + description: Override WAF rule parameters for services in a policy. + properties: + blocking: + description: When blocking is enabled, the rule will block the traffic matched + by this rule. + example: false + type: boolean + enabled: + description: When false, this rule will not match any traffic. + example: true + type: boolean + id: + description: Override the parameters for this WAF rule identifier. + example: rasp-001-002 + type: string + required: + - id + - enabled + - blocking + type: object + ApplicationSecurityPolicyScope: + description: The scope of the WAF policy. + properties: + env: + description: The environment scope for the WAF policy. + example: prod + type: string + service: + description: The service scope for the WAF policy. + example: billing-service + type: string + required: + - service + - env + type: object + ApplicationSecurityPolicyType: + default: policy + description: The type of the resource. The value should always be `policy`. + enum: + - policy + example: policy + type: string + x-enum-varnames: + - POLICY + ApplicationSecurityPolicyUpdateAttributes: + description: Update a WAF policy. + properties: + description: + description: Description of the WAF policy. + example: Policy applied to internal web applications. + type: string + isDefault: + description: Make this policy the default policy. The default policy is + applied to every services not specifically added to another policy. + example: false + type: boolean + name: + description: The Name of the WAF policy. + example: Internal Network Policy + type: string + protectionPresets: + description: Presets enabled on this policy. + example: + - attack-tools + items: + example: attack-tools + type: string + type: array + rules: + description: Rule overrides applied by the policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride' + type: array + scope: + description: The scope of the WAF policy. + items: + $ref: '#/components/schemas/ApplicationSecurityPolicyScope' + type: array + version: + default: 0 + description: Version of the WAF ruleset maintained by Datadog used by this + policy. 0 is the default value. + example: 0 + format: int64 + type: integer + required: + - name + - description + - version + - isDefault + - rules + - protectionPresets + - scope + type: object + ApplicationSecurityPolicyUpdateData: + description: Object for a single WAF policy. + properties: + attributes: + $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateAttributes' + type: + $ref: '#/components/schemas/ApplicationSecurityPolicyType' + required: + - attributes + - type + type: object + ApplicationSecurityPolicyUpdateRequest: + description: Request object that includes the policy to update. + properties: + data: + $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateData' + required: + - data + type: object ApplicationSecurityWafCustomRuleAction: description: The definition of `ApplicationSecurityWafCustomRuleAction` object. properties: @@ -69743,7 +70037,7 @@ paths: summary: List all WAF custom rules tags: - Application Security - x-menu-order: 13 + x-menu-order: 23 x-undo: type: safe post: @@ -69791,7 +70085,7 @@ paths: \ }\n ],\n \"tags\": {\n \"category\": \"attack_attempt\",\n \ \"type\": \"test\"\n }\n }\n }\n}" step: there is a valid "custom_rule" in the system - x-menu-order: 12 + x-menu-order: 22 x-undo: operationId: DeleteApplicationSecurityWafCustomRule parameters: @@ -69818,7 +70112,7 @@ paths: summary: Delete a WAF Custom Rule tags: - Application Security - x-menu-order: 16 + x-menu-order: 26 x-terraform-resource: appsec_waf_custom_rule x-undo: type: idempotent @@ -69841,7 +70135,7 @@ paths: summary: Get a WAF custom rule tags: - Application Security - x-menu-order: 10 + x-menu-order: 20 x-terraform-resource: appsec_waf_custom_rule x-undo: type: safe @@ -69880,7 +70174,7 @@ paths: tags: - Application Security x-codegen-request-body-name: body - x-menu-order: 15 + x-menu-order: 25 x-terraform-resource: appsec_waf_custom_rule x-undo: type: idempotent @@ -70071,6 +70365,157 @@ paths: x-terraform-resource: appsec_waf_exclusion_filter x-undo: type: idempotent + /api/v2/remote_config/products/asm/waf/policies: + get: + description: Retrieve a list of WAF policies. + operationId: ListApplicationSecurityWAFPolicies + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyListResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: List all WAF policies + tags: + - Application Security + x-menu-order: 13 + x-undo: + type: safe + post: + description: Create a new WAF policy. + operationId: CreateApplicationSecurityWafPolicy + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyCreateRequest' + description: The new WAF policy. + required: true + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyResponse' + description: Created + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Create a WAF Policy + tags: + - Application Security + x-codegen-request-body-name: body + x-given: + policy: + parameters: + - name: body + value: "{\n \"data\": {\n \"type\": \"policy\",\n \"attributes\": + {\n \"name\": \"Test policy\",\n \"description\": \"This is + a test policy.\",\n \"basedOn\": \"recommended\"\n }\n }\n}" + step: there is a valid "policy" in the system + x-menu-order: 12 + x-undo: + operationId: DeleteApplicationSecurityWafPolicy + parameters: + - name: policy_id + source: data.id + type: unsafe + /api/v2/remote_config/products/asm/waf/policies/{policy_id}: + delete: + description: Delete a specific WAF policy. + operationId: DeleteApplicationSecurityWafPolicy + parameters: + - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam' + responses: + '204': + description: No Content + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Delete a WAF Policy + tags: + - Application Security + x-menu-order: 16 + x-terraform-resource: appsec_waf_policy + x-undo: + type: idempotent + get: + description: Retrieve a WAF policy by ID. + operationId: GetApplicationSecurityWafPolicy + parameters: + - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Get a WAF Policy + tags: + - Application Security + x-menu-order: 10 + x-terraform-resource: appsec_waf_policy + x-undo: + type: safe + put: + description: 'Update a specific WAF policy. + + Returns the Policy object when the request is successful.' + operationId: UpdateApplicationSecurityWafPolicy + parameters: + - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateRequest' + description: New WAF Policy. + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationSecurityPolicyResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Update a WAF Policy + tags: + - Application Security + x-codegen-request-body-name: body + x-menu-order: 15 + x-terraform-resource: appsec_waf_policy + x-undo: + type: idempotent /api/v2/remote_config/products/cws/agent_rules: get: description: 'Get the list of Workload Protection agent rules. diff --git a/data/api/v2/full_spec_deref.json b/data/api/v2/full_spec_deref.json index 9d326ebb0795a..daedcbeda8abc 100644 --- a/data/api/v2/full_spec_deref.json +++ b/data/api/v2/full_spec_deref.json @@ -233,6 +233,16 @@ ] } }, + "ApplicationSecurityPolicyIDParam": { + "description": "The ID of the policy.", + "example": "recommended", + "in": "path", + "name": "policy_id", + "required": true, + "schema": { + "type": "string" + } + }, "ApplicationSecurityWafCustomRuleIDParam": { "description": "The ID of the custom rule.", "example": "3b5-v82-ns6", @@ -21984,6 +21994,1396 @@ "APPLICATION_KEYS" ] }, + "ApplicationSecurityPolicyAttributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "ApplicationSecurityPolicyCreateAttributes": { + "description": "Create a new WAF policy.", + "properties": { + "basedOn": { + "description": "When creating a new policy, clone the policy indicated by this identifier.", + "example": "recommended", + "type": "string" + }, + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "basedOn" + ], + "type": "object" + }, + "ApplicationSecurityPolicyCreateData": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Create a new WAF policy.", + "properties": { + "basedOn": { + "description": "When creating a new policy, clone the policy indicated by this identifier.", + "example": "recommended", + "type": "string" + }, + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "basedOn" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + }, + "ApplicationSecurityPolicyCreateRequest": { + "description": "Request object that includes the policy to create.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Create a new WAF policy.", + "properties": { + "basedOn": { + "description": "When creating a new policy, clone the policy indicated by this identifier.", + "example": "recommended", + "type": "string" + }, + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "basedOn" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "ApplicationSecurityPolicyData": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + }, + "ApplicationSecurityPolicyListResponse": { + "description": "Response object that includes a list of WAF policies.", + "properties": { + "data": { + "description": "The WAF policy data.", + "items": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ApplicationSecurityPolicyMetadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "ApplicationSecurityPolicyResponse": { + "description": "Response object that includes a single WAF policy.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "ApplicationSecurityPolicyRuleOverride": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "ApplicationSecurityPolicyScope": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "ApplicationSecurityPolicyType": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + }, + "ApplicationSecurityPolicyUpdateAttributes": { + "description": "Update a WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "example": [ + "attack-tools" + ], + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "version", + "isDefault", + "rules", + "protectionPresets", + "scope" + ], + "type": "object" + }, + "ApplicationSecurityPolicyUpdateData": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Update a WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "example": [ + "attack-tools" + ], + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "version", + "isDefault", + "rules", + "protectionPresets", + "scope" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + }, + "ApplicationSecurityPolicyUpdateRequest": { + "description": "Request object that includes the policy to update.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Update a WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "example": [ + "attack-tools" + ], + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "version", + "isDefault", + "rules", + "protectionPresets", + "scope" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + } + }, + "required": [ + "data" + ], + "type": "object" + }, "ApplicationSecurityWafCustomRuleAction": { "description": "The definition of `ApplicationSecurityWafCustomRuleAction` object.", "properties": { @@ -569450,7 +570850,7 @@ "tags": [ "Application Security" ], - "x-menu-order": 13, + "x-menu-order": 23, "x-undo": { "type": "safe" } @@ -570289,7 +571689,7 @@ "step": "there is a valid \"custom_rule\" in the system" } }, - "x-menu-order": 12, + "x-menu-order": 22, "x-undo": { "operationId": "DeleteApplicationSecurityWafCustomRule", "parameters": [ @@ -570439,7 +571839,7 @@ "tags": [ "Application Security" ], - "x-menu-order": 16, + "x-menu-order": 26, "x-terraform-resource": "appsec_waf_custom_rule", "x-undo": { "type": "idempotent" @@ -570891,7 +572291,7 @@ "tags": [ "Application Security" ], - "x-menu-order": 10, + "x-menu-order": 20, "x-terraform-resource": "appsec_waf_custom_rule", "x-undo": { "type": "safe" @@ -571760,7 +573160,7 @@ "Application Security" ], "x-codegen-request-body-name": "body", - "x-menu-order": 15, + "x-menu-order": 25, "x-terraform-resource": "appsec_waf_custom_rule", "x-undo": { "type": "idempotent" @@ -573451,6 +574851,1582 @@ } } }, + "/api/v2/remote_config/products/asm/waf/policies": { + "get": { + "description": "Retrieve a list of WAF policies.", + "operationId": "ListApplicationSecurityWAFPolicies", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "description": "Response object that includes a list of WAF policies.", + "properties": { + "data": { + "description": "The WAF policy data.", + "items": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + } + }, + "description": "OK" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "List all WAF policies", + "tags": [ + "Application Security" + ], + "x-menu-order": 13, + "x-undo": { + "type": "safe" + } + }, + "post": { + "description": "Create a new WAF policy.", + "operationId": "CreateApplicationSecurityWafPolicy", + "requestBody": { + "content": { + "application/json": { + "schema": { + "description": "Request object that includes the policy to create.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Create a new WAF policy.", + "properties": { + "basedOn": { + "description": "When creating a new policy, clone the policy indicated by this identifier.", + "example": "recommended", + "type": "string" + }, + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "basedOn" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + } + }, + "required": [ + "data" + ], + "type": "object" + } + } + }, + "description": "The new WAF policy.", + "required": true + }, + "responses": { + "201": { + "content": { + "application/json": { + "schema": { + "description": "Response object that includes a single WAF policy.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + } + }, + "description": "Created" + }, + "400": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Bad Request" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "409": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Concurrent Modification" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "Create a WAF Policy", + "tags": [ + "Application Security" + ], + "x-codegen-request-body-name": "body", + "x-given": { + "policy": { + "parameters": [ + { + "name": "body", + "value": "{\n \"data\": {\n \"type\": \"policy\",\n \"attributes\": {\n \"name\": \"Test policy\",\n \"description\": \"This is a test policy.\",\n \"basedOn\": \"recommended\"\n }\n }\n}" + } + ], + "step": "there is a valid \"policy\" in the system" + } + }, + "x-menu-order": 12, + "x-undo": { + "operationId": "DeleteApplicationSecurityWafPolicy", + "parameters": [ + { + "name": "policy_id", + "source": "data.id" + } + ], + "type": "unsafe" + } + } + }, + "/api/v2/remote_config/products/asm/waf/policies/{policy_id}": { + "delete": { + "description": "Delete a specific WAF policy.", + "operationId": "DeleteApplicationSecurityWafPolicy", + "parameters": [ + { + "description": "The ID of the policy.", + "example": "recommended", + "in": "path", + "name": "policy_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "404": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Found" + }, + "409": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Concurrent Modification" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "Delete a WAF Policy", + "tags": [ + "Application Security" + ], + "x-menu-order": 16, + "x-terraform-resource": "appsec_waf_policy", + "x-undo": { + "type": "idempotent" + } + }, + "get": { + "description": "Retrieve a WAF policy by ID.", + "operationId": "GetApplicationSecurityWafPolicy", + "parameters": [ + { + "description": "The ID of the policy.", + "example": "recommended", + "in": "path", + "name": "policy_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "description": "Response object that includes a single WAF policy.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + } + }, + "description": "OK" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "Get a WAF Policy", + "tags": [ + "Application Security" + ], + "x-menu-order": 10, + "x-terraform-resource": "appsec_waf_policy", + "x-undo": { + "type": "safe" + } + }, + "put": { + "description": "Update a specific WAF policy.\nReturns the Policy object when the request is successful.", + "operationId": "UpdateApplicationSecurityWafPolicy", + "parameters": [ + { + "description": "The ID of the policy.", + "example": "recommended", + "in": "path", + "name": "policy_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "description": "Request object that includes the policy to update.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Update a WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "example": [ + "attack-tools" + ], + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "version", + "isDefault", + "rules", + "protectionPresets", + "scope" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + } + }, + "required": [ + "data" + ], + "type": "object" + } + } + }, + "description": "New WAF Policy.", + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "description": "Response object that includes a single WAF policy.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + } + }, + "description": "OK" + }, + "400": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Bad Request" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "404": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Found" + }, + "409": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Concurrent Modification" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "Update a WAF Policy", + "tags": [ + "Application Security" + ], + "x-codegen-request-body-name": "body", + "x-menu-order": 15, + "x-terraform-resource": "appsec_waf_policy", + "x-undo": { + "type": "idempotent" + } + } + }, "/api/v2/remote_config/products/cws/agent_rules": { "get": { "description": "Get the list of Workload Protection agent rules.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", diff --git a/data/api/v2/translate_actions.json b/data/api/v2/translate_actions.json index 7e1a543d1c750..f4a0cbcf4e5d3 100644 --- a/data/api/v2/translate_actions.json +++ b/data/api/v2/translate_actions.json @@ -1919,6 +1919,30 @@ "request_description": "The exclusion filter to update.", "request_schema_description": "Request object for updating a single WAF exclusion filter." }, + "ListApplicationSecurityWAFPolicies": { + "description": "Retrieve a list of WAF policies.", + "summary": "List all WAF policies" + }, + "CreateApplicationSecurityWafPolicy": { + "description": "Create a new WAF policy.", + "summary": "Create a WAF Policy", + "request_description": "The new WAF policy.", + "request_schema_description": "Request object that includes the policy to create." + }, + "DeleteApplicationSecurityWafPolicy": { + "description": "Delete a specific WAF policy.", + "summary": "Delete a WAF Policy" + }, + "GetApplicationSecurityWafPolicy": { + "description": "Retrieve a WAF policy by ID.", + "summary": "Get a WAF Policy" + }, + "UpdateApplicationSecurityWafPolicy": { + "description": "Update a specific WAF policy.\nReturns the Policy object when the request is successful.", + "summary": "Update a WAF Policy", + "request_description": "New WAF Policy.", + "request_schema_description": "Request object that includes the policy to update." + }, "ListCSMThreatsAgentRules": { "description": "Get the list of Workload Protection agent rules.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "summary": "Get all Workload Protection agent rules" diff --git a/static/resources/json/full_spec_v2.json b/static/resources/json/full_spec_v2.json index 9d326ebb0795a..daedcbeda8abc 100644 --- a/static/resources/json/full_spec_v2.json +++ b/static/resources/json/full_spec_v2.json @@ -233,6 +233,16 @@ ] } }, + "ApplicationSecurityPolicyIDParam": { + "description": "The ID of the policy.", + "example": "recommended", + "in": "path", + "name": "policy_id", + "required": true, + "schema": { + "type": "string" + } + }, "ApplicationSecurityWafCustomRuleIDParam": { "description": "The ID of the custom rule.", "example": "3b5-v82-ns6", @@ -21984,6 +21994,1396 @@ "APPLICATION_KEYS" ] }, + "ApplicationSecurityPolicyAttributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "ApplicationSecurityPolicyCreateAttributes": { + "description": "Create a new WAF policy.", + "properties": { + "basedOn": { + "description": "When creating a new policy, clone the policy indicated by this identifier.", + "example": "recommended", + "type": "string" + }, + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "basedOn" + ], + "type": "object" + }, + "ApplicationSecurityPolicyCreateData": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Create a new WAF policy.", + "properties": { + "basedOn": { + "description": "When creating a new policy, clone the policy indicated by this identifier.", + "example": "recommended", + "type": "string" + }, + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "basedOn" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + }, + "ApplicationSecurityPolicyCreateRequest": { + "description": "Request object that includes the policy to create.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Create a new WAF policy.", + "properties": { + "basedOn": { + "description": "When creating a new policy, clone the policy indicated by this identifier.", + "example": "recommended", + "type": "string" + }, + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "basedOn" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "ApplicationSecurityPolicyData": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + }, + "ApplicationSecurityPolicyListResponse": { + "description": "Response object that includes a list of WAF policies.", + "properties": { + "data": { + "description": "The WAF policy data.", + "items": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ApplicationSecurityPolicyMetadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "ApplicationSecurityPolicyResponse": { + "description": "Response object that includes a single WAF policy.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "ApplicationSecurityPolicyRuleOverride": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "ApplicationSecurityPolicyScope": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "ApplicationSecurityPolicyType": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + }, + "ApplicationSecurityPolicyUpdateAttributes": { + "description": "Update a WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "example": [ + "attack-tools" + ], + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "version", + "isDefault", + "rules", + "protectionPresets", + "scope" + ], + "type": "object" + }, + "ApplicationSecurityPolicyUpdateData": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Update a WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "example": [ + "attack-tools" + ], + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "version", + "isDefault", + "rules", + "protectionPresets", + "scope" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + }, + "ApplicationSecurityPolicyUpdateRequest": { + "description": "Request object that includes the policy to update.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Update a WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "example": [ + "attack-tools" + ], + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "version", + "isDefault", + "rules", + "protectionPresets", + "scope" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + } + }, + "required": [ + "data" + ], + "type": "object" + }, "ApplicationSecurityWafCustomRuleAction": { "description": "The definition of `ApplicationSecurityWafCustomRuleAction` object.", "properties": { @@ -569450,7 +570850,7 @@ "tags": [ "Application Security" ], - "x-menu-order": 13, + "x-menu-order": 23, "x-undo": { "type": "safe" } @@ -570289,7 +571689,7 @@ "step": "there is a valid \"custom_rule\" in the system" } }, - "x-menu-order": 12, + "x-menu-order": 22, "x-undo": { "operationId": "DeleteApplicationSecurityWafCustomRule", "parameters": [ @@ -570439,7 +571839,7 @@ "tags": [ "Application Security" ], - "x-menu-order": 16, + "x-menu-order": 26, "x-terraform-resource": "appsec_waf_custom_rule", "x-undo": { "type": "idempotent" @@ -570891,7 +572291,7 @@ "tags": [ "Application Security" ], - "x-menu-order": 10, + "x-menu-order": 20, "x-terraform-resource": "appsec_waf_custom_rule", "x-undo": { "type": "safe" @@ -571760,7 +573160,7 @@ "Application Security" ], "x-codegen-request-body-name": "body", - "x-menu-order": 15, + "x-menu-order": 25, "x-terraform-resource": "appsec_waf_custom_rule", "x-undo": { "type": "idempotent" @@ -573451,6 +574851,1582 @@ } } }, + "/api/v2/remote_config/products/asm/waf/policies": { + "get": { + "description": "Retrieve a list of WAF policies.", + "operationId": "ListApplicationSecurityWAFPolicies", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "description": "Response object that includes a list of WAF policies.", + "properties": { + "data": { + "description": "The WAF policy data.", + "items": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + } + }, + "description": "OK" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "List all WAF policies", + "tags": [ + "Application Security" + ], + "x-menu-order": 13, + "x-undo": { + "type": "safe" + } + }, + "post": { + "description": "Create a new WAF policy.", + "operationId": "CreateApplicationSecurityWafPolicy", + "requestBody": { + "content": { + "application/json": { + "schema": { + "description": "Request object that includes the policy to create.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Create a new WAF policy.", + "properties": { + "basedOn": { + "description": "When creating a new policy, clone the policy indicated by this identifier.", + "example": "recommended", + "type": "string" + }, + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "basedOn" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + } + }, + "required": [ + "data" + ], + "type": "object" + } + } + }, + "description": "The new WAF policy.", + "required": true + }, + "responses": { + "201": { + "content": { + "application/json": { + "schema": { + "description": "Response object that includes a single WAF policy.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + } + }, + "description": "Created" + }, + "400": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Bad Request" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "409": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Concurrent Modification" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "Create a WAF Policy", + "tags": [ + "Application Security" + ], + "x-codegen-request-body-name": "body", + "x-given": { + "policy": { + "parameters": [ + { + "name": "body", + "value": "{\n \"data\": {\n \"type\": \"policy\",\n \"attributes\": {\n \"name\": \"Test policy\",\n \"description\": \"This is a test policy.\",\n \"basedOn\": \"recommended\"\n }\n }\n}" + } + ], + "step": "there is a valid \"policy\" in the system" + } + }, + "x-menu-order": 12, + "x-undo": { + "operationId": "DeleteApplicationSecurityWafPolicy", + "parameters": [ + { + "name": "policy_id", + "source": "data.id" + } + ], + "type": "unsafe" + } + } + }, + "/api/v2/remote_config/products/asm/waf/policies/{policy_id}": { + "delete": { + "description": "Delete a specific WAF policy.", + "operationId": "DeleteApplicationSecurityWafPolicy", + "parameters": [ + { + "description": "The ID of the policy.", + "example": "recommended", + "in": "path", + "name": "policy_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "404": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Found" + }, + "409": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Concurrent Modification" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "Delete a WAF Policy", + "tags": [ + "Application Security" + ], + "x-menu-order": 16, + "x-terraform-resource": "appsec_waf_policy", + "x-undo": { + "type": "idempotent" + } + }, + "get": { + "description": "Retrieve a WAF policy by ID.", + "operationId": "GetApplicationSecurityWafPolicy", + "parameters": [ + { + "description": "The ID of the policy.", + "example": "recommended", + "in": "path", + "name": "policy_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "description": "Response object that includes a single WAF policy.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + } + }, + "description": "OK" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "Get a WAF Policy", + "tags": [ + "Application Security" + ], + "x-menu-order": 10, + "x-terraform-resource": "appsec_waf_policy", + "x-undo": { + "type": "safe" + } + }, + "put": { + "description": "Update a specific WAF policy.\nReturns the Policy object when the request is successful.", + "operationId": "UpdateApplicationSecurityWafPolicy", + "parameters": [ + { + "description": "The ID of the policy.", + "example": "recommended", + "in": "path", + "name": "policy_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "description": "Request object that includes the policy to update.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "Update a WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "example": [ + "attack-tools" + ], + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description", + "version", + "isDefault", + "rules", + "protectionPresets", + "scope" + ], + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "required": [ + "attributes", + "type" + ], + "type": "object" + } + }, + "required": [ + "data" + ], + "type": "object" + } + } + }, + "description": "New WAF Policy.", + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "description": "Response object that includes a single WAF policy.", + "properties": { + "data": { + "description": "Object for a single WAF policy.", + "properties": { + "attributes": { + "description": "A WAF policy.", + "properties": { + "description": { + "description": "Description of the WAF policy.", + "example": "Policy applied to internal web applications.", + "type": "string" + }, + "isDefault": { + "description": "Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.", + "example": false, + "type": "boolean" + }, + "name": { + "description": "The Name of the WAF policy.", + "example": "Internal Network Policy", + "type": "string" + }, + "protectionPresets": { + "description": "Presets enabled on this policy.", + "items": { + "example": "attack-tools", + "type": "string" + }, + "type": "array" + }, + "rules": { + "description": "Rule overrides applied by the policy.", + "items": { + "description": "Override WAF rule parameters for services in a policy.", + "properties": { + "blocking": { + "description": "When blocking is enabled, the rule will block the traffic matched by this rule.", + "example": false, + "type": "boolean" + }, + "enabled": { + "description": "When false, this rule will not match any traffic.", + "example": true, + "type": "boolean" + }, + "id": { + "description": "Override the parameters for this WAF rule identifier.", + "example": "rasp-001-002", + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "blocking" + ], + "type": "object" + }, + "type": "array" + }, + "scope": { + "description": "The scope of the WAF policy.", + "items": { + "description": "The scope of the WAF policy.", + "properties": { + "env": { + "description": "The environment scope for the WAF policy.", + "example": "prod", + "type": "string" + }, + "service": { + "description": "The service scope for the WAF policy.", + "example": "billing-service", + "type": "string" + } + }, + "required": [ + "service", + "env" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "default": 0, + "description": "Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.", + "example": 0, + "format": "int64", + "type": "integer" + } + }, + "required": [ + "name", + "description" + ], + "type": "object" + }, + "id": { + "description": "The ID of the policy.", + "example": "2857c47d-1e3a-4300-8b2f-dc24089c084b", + "readOnly": true, + "type": "string" + }, + "metadata": { + "description": "Metadata associated with the WAF policy.", + "properties": { + "added_at": { + "description": "The date and time the WAF policy was created.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "added_by": { + "description": "The handle of the user who created the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "added_by_name": { + "description": "The name of the user who created the WAF policy.", + "example": "John Doe", + "type": "string" + }, + "modified_at": { + "description": "The date and time the WAF policy was last updated.", + "example": "2021-01-01T00:00:00Z", + "format": "date-time", + "type": "string" + }, + "modified_by": { + "description": "The handle of the user who last updated the WAF policy.", + "example": "john.doe@datadoghq.com", + "type": "string" + }, + "modified_by_name": { + "description": "The name of the user who last updated the WAF policy.", + "example": "John Doe", + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "type": { + "default": "policy", + "description": "The type of the resource. The value should always be `policy`.", + "enum": [ + "policy" + ], + "example": "policy", + "type": "string", + "x-enum-varnames": [ + "POLICY" + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + } + }, + "description": "OK" + }, + "400": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Bad Request" + }, + "403": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Authorized" + }, + "404": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Found" + }, + "409": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Concurrent Modification" + }, + "429": { + "content": { + "application/json": { + "schema": { + "description": "API error response.", + "properties": { + "errors": { + "description": "A list of errors.", + "example": [ + "Bad Request" + ], + "items": { + "description": "A list of items.", + "example": "Bad Request", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "errors" + ], + "type": "object" + } + } + }, + "description": "Too many requests" + } + }, + "summary": "Update a WAF Policy", + "tags": [ + "Application Security" + ], + "x-codegen-request-body-name": "body", + "x-menu-order": 15, + "x-terraform-resource": "appsec_waf_policy", + "x-undo": { + "type": "idempotent" + } + } + }, "/api/v2/remote_config/products/cws/agent_rules": { "get": { "description": "Get the list of Workload Protection agent rules.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.",